Hello there,
I’m trying to get my authorization code with an axios POST call in JS, with all the good parameters sended to this url : https://id.twitch.tv/oauth2/token.
But I’ve got this error as response :

I’ve already get my code in this URL : https://id.twitch.tv/oauth2/authorize
Here is my JS code :

I really don’t know here is the problem…
Thanks for help ! 
This likely indicates that the code
which is a one use code
has already been used to be exchanged for an access code.
Since you have this hardcoded rather than fetching it from query string parameters.
Addititionally your JS code indicates (DomContentLoaded
) that you appear to be doing a code
to token
exchange in the front end, which will leak you private client_secret
to the world.
1 Like
Yes I have refresh a new code and it does work really well.
This code was for testing purposes but I will leave all my code in a secure file of course 
Thank you for your answer ! 
If you are making the request from the front end and not the backend then users can extract the client secret from the axios call made as it will log in the network inspector part of any web browser inspector.
So a “secure file” doesn’t really exist on the front end.